[src/trunk]: src/sys/net/npf - Save active config in proplib dictionary; add ...
details: https://anonhg.NetBSD.org/src/rev/458e16e50c4d
branches: trunk
changeset: 777986:458e16e50c4d
user: rmind <rmind%NetBSD.org@localhost>
date: Sun Mar 11 18:27:59 2012 +0000
description:
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes. Improve some comments.
diffstat:
sys/net/npf/npf.c | 43 ++++++++++++++++++++++++++++-------------
sys/net/npf/npf.h | 3 +-
sys/net/npf/npf_ctl.c | 48 ++++++++++++++++++++++++++++++++--------------
sys/net/npf/npf_handler.c | 18 +++++++++++-----
sys/net/npf/npf_impl.h | 14 ++++++++----
sys/net/npf/npf_nat.c | 27 ++++++++++++++++---------
sys/net/npf/npf_session.c | 14 ++++++------
7 files changed, 109 insertions(+), 58 deletions(-)
diffs (truncated from 521 to 300 lines):
diff -r 90e6b2c06cea -r 458e16e50c4d sys/net/npf/npf.c
--- a/sys/net/npf/npf.c Sun Mar 11 17:28:47 2012 +0000
+++ b/sys/net/npf/npf.c Sun Mar 11 18:27:59 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.c,v 1.8 2012/02/20 00:18:19 rmind Exp $ */
+/* $NetBSD: npf.c,v 1.9 2012/03/11 18:27:59 rmind Exp $ */
/*-
* Copyright (c) 2009-2010 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.8 2012/02/20 00:18:19 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.9 2012/03/11 18:27:59 rmind Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -70,6 +70,7 @@
npf_ruleset_t * n_rules;
npf_tableset_t * n_tables;
npf_ruleset_t * n_nat_rules;
+ prop_dictionary_t n_dict;
bool n_default_pass;
} npf_core_t;
@@ -93,6 +94,7 @@
#endif
npf_ruleset_t *rset, *nset;
npf_tableset_t *tset;
+ prop_dictionary_t dict;
int error = 0;
rw_init(&npf_lock);
@@ -104,10 +106,11 @@
npflogattach(1);
/* Load empty configuration. */
+ dict = prop_dictionary_create();
rset = npf_ruleset_create();
tset = npf_tableset_create();
nset = npf_ruleset_create();
- npf_reload(rset, tset, nset, true);
+ npf_reload(dict, rset, tset, nset, true);
KASSERT(npf_core != NULL);
#ifdef _MODULE
@@ -125,20 +128,20 @@
npf_fini(void)
{
- /*
- * At first, detach device, remove pfil hooks and unload existing
- * configuration, destroy structures.
- */
+ /* At first, detach device and remove pfil hooks. */
#ifdef _MODULE
devsw_detach(NULL, &npf_cdevsw);
#endif
- npf_unregister_pfil();
- npf_core_destroy(npf_core);
npflogdetach();
+ npf_pfil_unregister();
- /* Note: order is particular. */
+ /* Flush all sessions, destroy configuration (ruleset, etc). */
+ npf_session_tracking(false);
+ npf_core_destroy(npf_core);
+
+ /* Finally, safe to destroy the subsystems. */
+ npf_alg_sysfini();
npf_nat_sysfini();
- npf_alg_sysfini();
npf_session_sysfini();
npf_tableset_sysfini();
percpu_free(npf_stats_percpu, NPF_STATS_SIZE);
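Review bot: `npflogdetach()` now runs before `npf_pfil_unregister()`, so for a short window the pfil hooks are still registered while the log interface is already detached. The active ruleset is not destroyed until `npf_core_destroy()` further down, so a packet in that window could match a logging rule and reach the npflog path after detach. npflogdetach's body is not visible here, so this needs confirming. Swapping the two lines, `npf_pfil_unregister();` then `npflogdetach();`, would match the new comment ("detach device and remove pfil hooks") and close the window. npf_fini's body continues past the end of the hunk.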
@@ -211,6 +214,9 @@
case IOC_NPF_RELOAD:
error = npfctl_reload(cmd, data);
break;
+ case IOC_NPF_GETCONF:
+ error = npfctl_getconf(cmd, data);
+ break;
case IOC_NPF_TABLE:
error = npfctl_table(data);
break;
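Review bot: The new `IOC_NPF_GETCONF` case returns the whole active configuration dictionary to the caller, and no authorization check is visible in this hunk. The switch sits in a function whose start is outside the hunk, so a privilege check may already gate every command. If it does, a comment on the case would record that dependency, e.g. `/* Discloses the full config; relies on the privilege check above the switch. */`. If it does not, GETCONF should be restricted the same way as RELOAD, because the configuration reveals what the filter permits.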
@@ -255,6 +261,7 @@
npf_core_destroy(npf_core_t *nc)
{
+ prop_object_release(nc->n_dict);
npf_ruleset_destroy(nc->n_rules);
npf_ruleset_destroy(nc->n_nat_rules);
npf_tableset_destroy(nc->n_tables);
@@ -266,17 +273,18 @@
* Then destroy old (unloaded) structures.
*/
void
-npf_reload(npf_ruleset_t *rset, npf_tableset_t *tset, npf_ruleset_t *nset,
- bool flush)
+npf_reload(prop_dictionary_t dict, npf_ruleset_t *rset,
+ npf_tableset_t *tset, npf_ruleset_t *nset, bool flush)
{
npf_core_t *nc, *onc;
/* Setup a new core structure. */
nc = kmem_zalloc(sizeof(npf_core_t), KM_SLEEP);
- nc->n_default_pass = flush;
nc->n_rules = rset;
nc->n_tables = tset;
nc->n_nat_rules = nset;
+ nc->n_dict = dict;
+ nc->n_default_pass = flush;
/* Lock and load the core structure. */
rw_enter(&npf_lock, RW_WRITER);
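Review bot: npf_reload() now consumes the caller's reference on `dict`, but the comment block above the function (only its tail is inside the hunk) still describes just the rulesets and tables. The reference is stored with `nc->n_dict = dict;` and dropped later by `prop_object_release(nc->n_dict)` in npf_core_destroy(), so a caller that also releases it after a successful reload would double-release. Suggest adding a line to the header comment such as `* The reference on 'dict' is consumed: it is kept in the new core and released by npf_core_destroy().`. The function body continues outside the hunk.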
@@ -333,6 +341,13 @@
return rw_lock_held(&npf_lock);
}
+prop_dictionary_t
+npf_core_dict(void)
+{
+ KASSERT(rw_lock_held(&npf_lock));
+ return npf_core->n_dict;
+}
+
bool
npf_default_pass(void)
{
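Review bot: npf_core_dict() has no comment saying that it returns a borrowed reference. It returns `npf_core->n_dict` without a `prop_object_retain()`, so the pointer is only good while the caller keeps npf_lock held. The KASSERT uses `rw_lock_held()`, which as far as I know reports that some thread holds the lock rather than that the caller does, so it records intent more than it enforces it. Suggest a header such as `/* npf_core_dict: return the active config dictionary (not retained); caller must hold npf_lock until done with it. */`.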
diff -r 90e6b2c06cea -r 458e16e50c4d sys/net/npf/npf.h
--- a/sys/net/npf/npf.h Sun Mar 11 17:28:47 2012 +0000
+++ b/sys/net/npf/npf.h Sun Mar 11 18:27:59 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf.h,v 1.14 2012/02/06 23:30:14 rmind Exp $ */
+/* $NetBSD: npf.h,v 1.15 2012/03/11 18:27:59 rmind Exp $ */
/*-
* Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
@@ -306,5 +306,6 @@
#define IOC_NPF_SESSIONS_SAVE _IOR('N', 105, struct plistref)
#define IOC_NPF_SESSIONS_LOAD _IOW('N', 106, struct plistref)
#define IOC_NPF_UPDATE_RULE _IOWR('N', 107, struct plistref)
+#define IOC_NPF_GETCONF _IOR('N', 108, struct plistref)
#endif /* _NPF_NET_H_ */
diff -r 90e6b2c06cea -r 458e16e50c4d sys/net/npf/npf_ctl.c
--- a/sys/net/npf/npf_ctl.c Sun Mar 11 17:28:47 2012 +0000
+++ b/sys/net/npf/npf_ctl.c Sun Mar 11 18:27:59 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_ctl.c,v 1.13 2012/02/20 00:18:19 rmind Exp $ */
+/* $NetBSD: npf_ctl.c,v 1.14 2012/03/11 18:27:59 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.13 2012/02/20 00:18:19 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.14 2012/03/11 18:27:59 rmind Exp $");
#include <sys/param.h>
#include <sys/conf.h>
@@ -66,10 +66,10 @@
if (onoff) {
/* Enable: add pfil hooks. */
- error = npf_register_pfil();
+ error = npf_pfil_register();
} else {
/* Disable: remove pfil hooks. */
- npf_unregister_pfil();
+ npf_pfil_unregister();
error = 0;
}
return error;
@@ -425,7 +425,7 @@
npfctl_reload(u_long cmd, void *data)
{
struct plistref *pref = data;
- prop_dictionary_t dict, errdict;
+ prop_dictionary_t npf_dict, errdict;
prop_array_t natlist, tables, rprocs, rules;
npf_tableset_t *tblset = NULL;
npf_ruleset_t *rlset = NULL;
@@ -435,12 +435,12 @@
/* Retrieve the dictionary. */
#ifdef _KERNEL
- error = prop_dictionary_copyin_ioctl(pref, cmd, &dict);
+ error = prop_dictionary_copyin_ioctl(pref, cmd, &npf_dict);
if (error)
return error;
#else
- dict = prop_dictionary_internalize_from_file(data);
- if (dict == NULL)
+ npf_dict = prop_dictionary_internalize_from_file(data);
+ if (npf_dict == NULL)
return EINVAL;
#endif
/* Dictionary for error reporting. */
@@ -448,7 +448,7 @@
/* NAT policies. */
nset = npf_ruleset_create();
- natlist = prop_dictionary_get(dict, "translation");
+ natlist = prop_dictionary_get(npf_dict, "translation");
error = npf_mk_natlist(nset, natlist, errdict);
if (error) {
goto fail;
@@ -456,7 +456,7 @@
/* Tables. */
tblset = npf_tableset_create();
- tables = prop_dictionary_get(dict, "tables");
+ tables = prop_dictionary_get(npf_dict, "tables");
error = npf_mk_tables(tblset, tables, errdict);
if (error) {
goto fail;
@@ -464,21 +464,21 @@
/* Rules and rule procedures. */
rlset = npf_ruleset_create();
- rprocs = prop_dictionary_get(dict, "rprocs");
- rules = prop_dictionary_get(dict, "rules");
+ rprocs = prop_dictionary_get(npf_dict, "rprocs");
+ rules = prop_dictionary_get(npf_dict, "rules");
error = npf_mk_rules(rlset, rules, rprocs, errdict);
if (error) {
goto fail;
}
flush = false;
- prop_dictionary_get_bool(dict, "flush", &flush);
+ prop_dictionary_get_bool(npf_dict, "flush", &flush);
/*
* Finally - reload ruleset, tableset and NAT policies.
* Operation will be performed as a single transaction.
*/
- npf_reload(rlset, tblset, nset, flush);
+ npf_reload(npf_dict, rlset, tblset, nset, flush);
/* Turn on/off session tracking accordingly. */
npf_session_tracking(!flush);
@@ -501,7 +501,9 @@
if (tblset) {
npf_tableset_destroy(tblset);
}
- prop_object_release(dict);
+ if (error) {
+ prop_object_release(npf_dict);
+ }
/* Error report. */
prop_dictionary_set_int32(errdict, "errno", error);
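Review bot: The conditional `prop_object_release(npf_dict)` needs a comment explaining why the success path keeps the reference, since the asymmetry otherwise reads like a leak. From the earlier hunk, the dictionary is handed to `npf_reload(npf_dict, ...)` on success and from then on belongs to the core. Something like `/* On success the reference was passed to npf_reload(); release only on failure. */` above the `if (error)` would do. The retained object is the caller-supplied dictionary as received, so any keys the kernel does not consume remain in kernel memory and will be returned by GETCONF. It is worth deciding whether that is intended. The surrounding function starts and ends outside this hunk.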
@@ -512,6 +514,22 @@
return 0;
}
+int
+npfctl_getconf(u_long cmd, void *data)
+{
+ struct plistref *pref = data;
+ prop_dictionary_t npf_dict;
+ int error;
+
+ npf_core_enter();
+ npf_dict = npf_core_dict();
+ prop_dictionary_set_bool(npf_dict, "active", npf_pfil_registered_p());
+ error = prop_dictionary_copyout_ioctl(pref, cmd, npf_dict);
+ npf_core_exit();
+
+ return error;
+}
+
/*
* npfctl_update_rule: reload a specific rule identified by the name.
*/
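Review bot: npfctl_getconf() modifies the live configuration dictionary and copies it out to userspace while still inside `npf_core_enter()`/`npf_core_exit()`. If that pair takes npf_lock as a reader (not visible here), concurrent GETCONF callers would both write the "active" key into the shared object. Externalizing the dictionary and copying it to user memory can also allocate and fault while the lock that the packet path presumably depends on is held. The return value of `prop_dictionary_set_bool()` is ignored as well. A safer shape is to take a private copy under the lock, drop the lock, then annotate and copy out that copy, as sketched below. The copy shares the value objects, which assumes they are not changed after load.

```c
int
npfctl_getconf(u_long cmd, void *data)
{
	/* … unchanged: pref, npf_dict and error declarations … */

	/* Snapshot under the lock; the live dictionary is never modified. */
	npf_core_enter();
	npf_dict = prop_dictionary_copy_mutable(npf_core_dict());
	npf_core_exit();
	if (npf_dict == NULL) {
		return ENOMEM;
	}

	/* Annotate and copy out the private snapshot without holding npf_lock. */
	if (!prop_dictionary_set_bool(npf_dict, "active",
	    npf_pfil_registered_p())) {
		error = ENOMEM;
	} else {
		error = prop_dictionary_copyout_ioctl(pref, cmd, npf_dict);
	}
	prop_object_release(npf_dict);

	return error;
}
```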
diff -r 90e6b2c06cea -r 458e16e50c4d sys/net/npf/npf_handler.c
--- a/sys/net/npf/npf_handler.c Sun Mar 11 17:28:47 2012 +0000
+++ b/sys/net/npf/npf_handler.c Sun Mar 11 18:27:59 2012 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.14 2012/02/20 00:18:19 rmind Exp $ */
+/* $NetBSD: npf_handler.c,v 1.15 2012/03/11 18:27:59 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.14 2012/02/20 00:18:19 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.15 2012/03/11 18:27:59 rmind Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -251,10 +251,10 @@
}